From owner-freebsd-bugs Wed Sep 10 03:22:31 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id DAA21748
    for bugs-outgoing; Wed, 10 Sep 1997 03:22:31 -0700 (PDT)
Received: from innocence.interface-business.de (innocence.interface-business.de [193.101.57.202])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA21727;
    Wed, 10 Sep 1997 03:22:16 -0700 (PDT)
Received: from ida.interface-business.de (ida.interface-business.de [193.101.57.203])
    by innocence.interface-business.de (8.6.11/8.6.9) with SMTP id MAA00529;
    Wed, 10 Sep 1997 12:22:06 +0200
Received: (from j@localhost)
    by ida.interface-business.de (8.8.7/8.7.3) id MAA01077;
    Wed, 10 Sep 1997 12:22:05 +0200 (MET DST)
Message-ID: <19970910122202.WS38344@ida.interface-business.de>
Date: Wed, 10 Sep 1997 12:22:02 +0200
From: j@ida.interface-business.de (J Wunsch)
To: bugs@freebsd.org
Cc: dfr@freebsd.org, dyson@freebsd.org
Subject: Yet another 2.2-stable NFS (client) panic
X-Mailer: Mutt 0.60_p2-3,5,8-9
Mime-Version: 1.0
X-Phone: +49-351-31809-14
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Organization: interface business GmbH, Dresden
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
Sender: owner-freebsd-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x87654371
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xf013476f
stack pointer           = 0x10:0xefbffdb0
frame pointer           = 0x10:0xefbffdc0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 3
current process         = 7004 (hpscan)
interrupt mask          = bio

0xf013476f :  movl 0x50(%edx),%eax

Register %edx had the fairly suspicious value 0x87654321.  Alas, the
register values seem to have been clobbered when taking the coredump
from within DDB.

Here's the stack trace (modulo the frames that were caused by the DDB
`panic' command, and a subsequent page fault inside DDB):

#23 0xf01c78f7 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073706944,
      tf_esi = -257406464, tf_ebp = -272630336, tf_isp = -272630372,
      tf_ebx = -225681520, tf_edx = -2023406815, tf_ecx = -225811320,
      tf_eax = 128, tf_trapno = 12, tf_err = 0, tf_eip = -267171985,
      tf_cs = 8, tf_eflags = 78470, tf_esp = -225681520,
      tf_ss = -225681520}) at ../../i386/i386/trap.c:311
#24 0xf013476f in reassignbuf (bp=0xf28c5f90, newvp=0xf0a84a00)
    at ../../kern/vfs_subr.c:670
#25 0xf012f2f5 in bdwrite (bp=0xf28c5f90) at ../../kern/vfs_bio.c:410
#26 0xf015a5d6 in nfs_write (ap=0xefbffee8) at ../../nfs/nfs_bio.c:710
#27 0xf0139247 in vn_write ()
#28 0xf011efc3 in write ()
#29 0xf01c8417 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 512,
      tf_esi = 136170860, tf_ebp = -272639304, tf_isp = -272629788,
      tf_ebx = 136110176, tf_edx = 4505583, tf_ecx = 4505583, tf_eax = 4,
      tf_trapno = 7, tf_err = 7, tf_eip = 136061205, tf_cs = 31,

The current process above was doing heavy NFS writing by the time of
this panic.  (The NFS server is also a FreeBSD-2.2-something machine.)
Not sure whether it was a coincidence, but right at the moment the panic
happened, I had just issued an `ntpdate' command on the NFS server
machine, causing it to change its system clock by ~ 45 seconds.

(kgdb) up 24
#24 0xf013476f in reassignbuf (bp=0xf28c5f90, newvp=0xf0a84a00)
    at ../../kern/vfs_subr.c:670
670                                 (tbp->b_vnbufs.le_next->b_lblkno < bp->b_lblkno)) {
(kgdb) l 670
665                     tbp = newvp->v_dirtyblkhd.lh_first;
666                     if (!tbp || (tbp->b_lblkno > bp->b_lblkno)) {
667                             bufinsvn(bp, &newvp->v_dirtyblkhd);
668                     } else {
669                             while (tbp->b_vnbufs.le_next &&
670                                 (tbp->b_vnbufs.le_next->b_lblkno < bp->b_lblkno)) {
671                                     tbp = tbp->b_vnbufs.le_next;
672                             }
673                             LIST_INSERT_AFTER(tbp, bp, b_vnbufs);
674                     }
(kgdb) up
#25 0xf012f2f5 in bdwrite (bp=0xf28c5f90) at ../../kern/vfs_bio.c:410
410                     reassignbuf(bp, bp->b_vp);
(kgdb) l 410
405                     return;
406             }
407             bp->b_flags &= ~(B_READ|B_RELBUF);
408             if ((bp->b_flags & B_DELWRI) == 0) {
409                     bp->b_flags |= B_DONE | B_DELWRI;
410                     reassignbuf(bp, bp->b_vp);
411             }
412
413             /*
414              * This bmap keeps the system from needing to do the bmap later,
(kgdb) up
#26 0xf015a5d6 in nfs_write (ap=0xefbffee8) at ../../nfs/nfs_bio.c:710
710                             bdwrite(bp);
(kgdb) l 710
705                         (nmp->nm_flag & NFSMNT_NQNFS) == 0) {
706                             bp->b_proc = (struct proc *)0;
707                             bp->b_flags |= B_ASYNC;
708                             (void)nfs_writebp(bp, 0);
709                     } else
710                             bdwrite(bp);
711             } while (uio->uio_resid > 0 && n > 0);
712             return (0);
713     }
714

The coredump is still available if somebody has further questions.

-- 
J"org Wunsch                                       Unix support engineer
joerg_wunsch@interface-business.de   http://www.interface-business.de/~j
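
A triage aid for the trap frame in frame #23, added here as an example and not part of the original message: kgdb prints the saved registers as signed decimals, so this converts them to unsigned hex and checks them against the fault address and instruction pointer in the panic message. The function names are hypothetical; the constants are copied from the report.

```python
import re

# Trap frame copied from frame #23 of the report (kgdb prints signed 32-bit ints).
TRAP_FRAME = """tf_es = 16, tf_ds = 16, tf_edi = -1073706944, tf_esi = -257406464,
tf_ebp = -272630336, tf_isp = -272630372, tf_ebx = -225681520,
tf_edx = -2023406815, tf_ecx = -225811320, tf_eax = 128, tf_trapno = 12,
tf_err = 0, tf_eip = -267171985, tf_cs = 8, tf_eflags = 78470,
tf_esp = -225681520, tf_ss = -225681520"""

# Values copied from the panic message and the faulting instruction in the report.
FAULT_VA = 0x87654371
PANIC_EIP = 0xF013476F
FAULT_INSN = "movl 0x50(%edx),%eax"


def parse_trap_frame(text):
    """Return {register: unsigned 32-bit value} from kgdb's 'tf_x = n' list."""
    return {name: int(val) & 0xFFFFFFFF
            for name, val in re.findall(r"tf_(\w+) = (-?\d+)", text)}


def effective_address(insn, regs):
    """Compute base + displacement for an AT&T 'disp(%reg)' memory operand."""
    m = re.search(r"(-?0x[0-9a-fA-F]+)?\(%(\w+)\)", insn)
    if m is None:
        raise ValueError("no disp(%reg) operand in: " + insn)
    disp = int(m.group(1), 16) if m.group(1) else 0
    return (regs[m.group(2)] + disp) & 0xFFFFFFFF


def check_report():
    """Cross-check the saved trap frame against the panic message."""
    regs = parse_trap_frame(TRAP_FRAME)
    return {
        "edx": regs["edx"],
        "eip_matches": regs["eip"] == PANIC_EIP,
        "fault_va_matches": effective_address(FAULT_INSN, regs) == FAULT_VA,
    }


if __name__ == "__main__":
    for name, value in parse_trap_frame(TRAP_FRAME).items():
        print(f"tf_{name:7s} = 0x{value:08x}")
    print(check_report())
```

With the report's values, tf_edx decodes to 0x87654321, and tf_edx + 0x50 equals the fault virtual address from the panic message.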